BEHIND THE HEADLINES – JANUARY 2024

A New Year and new attacks surface after a busy Christmas for cybercriminals


Lead Article

Twitch & Roblox Threatened by ALPHV/BlackCat


Renewed Concerns As 23andMe Confirms Genetic Data Leak


Cancer Patients Extorted After Hunters International Attack


Feature Article

ALPHV Attacks Defense Contractor

THREAT ACTOR TRENDS

Ransomware insights

According to Cybersixgill's data, 255 ransomware results were detected on our Investigative Platform in December, compared with 530 results in November. The LockBit ransomware gang was responsible for the highest number of ransomware attacks this month. The top targeted industries were manufacturing and healthcare, and the United States and the UK were the top targeted countries.


The top CVEs this month based on Cybersixgill's data

  1.

    CVE-2023-20198

    The current DVE score is 10. Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when the web UI is exposed to the internet or to untrusted networks. The vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 (full administrative) access. Cisco's advisory recommends disabling the HTTP server feature on internet-facing systems, or restricting access to it to trusted hosts, until the device is patched.

    CVSS: 10

    DVE: 10

  2.

    CVE-2023-34362

    The current DVE score is 9.79. This is a SQL injection vulnerability in the MOVEit Transfer web application. It allows an unauthenticated attacker to gain access to the application's database and, depending on the database engine in use, to execute SQL statements that read, alter or delete its contents.

    CVSS: 9.8

    DVE: 9.79

  3.

    CVE-2023-42793

    The current DVE score is 9.19. This is an authentication bypass in JetBrains TeamCity that lets an unauthenticated attacker with HTTP(S) access to the server gain remote code execution on the TeamCity Server.

    CVSS: 9.8

    DVE: 9.19
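The CVE-2023-20198 entry above describes two things a responder would want to check on an IOS XE device: whether the web UI is listening without an access restriction (Cisco's mitigation is to disable the HTTP server feature on internet-facing systems or limit it to trusted hosts), and whether any local privilege-15 accounts exist that the operator did not create, since a new privilege-15 account is the artefact the vulnerability leaves behind. The following Python script is an added example, not code from this newsletter or from Cisco; it runs those two checks offline against a saved running-config. The configuration text and account names are constructed for the example, and the regular expressions assume the `ip http server`, `ip http secure-server` and `ip http access-class` command forms as they appear in a running-config dump.

```python
"""
Added example, not code from the Cybersixgill newsletter or from Cisco.

Two offline checks against a saved IOS XE running-config, motivated by
CVE-2023-20198:
  1. Is the web UI (HTTP or HTTPS server) enabled with no
     "ip http access-class" restriction?  Cisco's advisory recommends
     disabling the HTTP server feature on internet-facing systems or
     limiting it to trusted hosts.
  2. Which local accounts hold privilege level 15, and are any of them
     outside the set the operator expects?

The configuration text and account names are constructed for the example.
The access-class parser accepts both the numbered ACL form and the
"ipv4 <name>" form.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample: web UI listening on both ports, no access-class,
# two privilege-15 local users and one low-privilege user.
SAMPLE_CONFIG = """\
!
hostname edge-rtr-01
!
username netadmin privilege 15 secret 9 $9$constructedhash1
username svc_backup privilege 15 secret 9 $9$constructedhash2
username readonly privilege 1 secret 9 $9$constructedhash3
!
ip http server
ip http secure-server
ip http authentication local
!
end
"""

_ACCESS_CLASS = re.compile(r"^ip http access-class\s+(?:ipv4\s+)?(\S+)$")
_PRIV15_USER = re.compile(r"^username\s+(\S+)\s.*\bprivilege\s+15\b")


@dataclass
class WebUiStatus:
    http_enabled: bool
    https_enabled: bool
    access_class: Optional[str]  # ACL restricting the web UI, if configured

    @property
    def exposed(self) -> bool:
        """Web UI is listening and no access-class limits who can reach it."""
        return (self.http_enabled or self.https_enabled) and self.access_class is None


def parse_web_ui(config: str) -> WebUiStatus:
    """Walk the config line by line; the last matching statement wins,
    as it would when the commands are applied in order on the device."""
    http = https = False
    acl: Optional[str] = None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ip http server":
            http = True
        elif line == "no ip http server":
            http = False
        elif line == "ip http secure-server":
            https = True
        elif line == "no ip http secure-server":
            https = False
        else:
            m = _ACCESS_CLASS.match(line)
            if m:
                acl = m.group(1)
    return WebUiStatus(http, https, acl)


def remediation(status: WebUiStatus) -> List[str]:
    """Config lines that close the exposure by disabling the listeners."""
    cmds: List[str] = []
    if status.exposed:
        if status.http_enabled:
            cmds.append("no ip http server")
        if status.https_enabled:
            cmds.append("no ip http secure-server")
    return cmds


def privilege15_users(config: str) -> Set[str]:
    """Names of all local users configured with privilege 15."""
    users: Set[str] = set()
    for raw in config.splitlines():
        m = _PRIV15_USER.match(raw.strip())
        if m:
            users.add(m.group(1))
    return users


def unexpected_admins(config: str, expected: Set[str]) -> Set[str]:
    """Privilege-15 accounts not on the operator's expected list. Any result
    on a device that had the web UI exposed warrants investigation."""
    return privilege15_users(config) - set(expected)


if __name__ == "__main__":
    status = parse_web_ui(SAMPLE_CONFIG)
    print(f"web UI exposed: {status.exposed}")
    for cmd in remediation(status):
        print(f"  apply: {cmd}")
    print(f"unexpected privilege-15 accounts: {unexpected_admins(SAMPLE_CONFIG, {'netadmin'})}")
```

Run against `show running-config` output saved to a file instead of the constructed sample; the expected-admin set should come from your own inventory, not from the device, since an attacker who created an account could also edit the config that lists it.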

THREAT ACTOR TRENDS

Malware insights

The most mentioned malware for December 2023

In December, the RedLine Stealer malware had the highest number of mentions on the underground according to the Cybersixgill Investigative Portal.

This malware harvests information from browsers, such as saved credentials and credit card details. More recent versions have added the ability to steal cryptocurrency wallets. RedLine Stealer is sold as Malware-as-a-Service (MaaS): threat actors purchase access to it and then sell the stolen data on dark web forums.


Live from the newsroom

  1. 2024 Predictions: AI Becomes More Accessible as Cybersecurity Vendors Address Data Reliability, Diversity, and Privacy

  2. 2024 Predictions: AI Will be Used as an Attack Tool and Target

  3. Solving the CTI Paradox: Don’t let too much data paralyze your security team
